phpmyadmin -- file disclosure vulnerability

Details

VuXML ID

9f0a405e-4edd-11d9-a9e7-0001020eed82

Discovery

2004-12-13

Entry

2004-12-15

Modified

2004-12-19

A phpMyAdmin security announcement reports:

File disclosure: on systems where the UploadDir mecanism
is active, read_dump.php can be called with a crafted
form; using the fact that the sql_localfile variable is
not sanitized can lead to a file disclosure.